Browse > Article
http://dx.doi.org/10.13089/JKIISC.2006.16.2.121

Improved Password Change Protocol Using One-way Function  

Jeon Il-Soo (Kumoh National Institute of Technology)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.16, no.2, 2006 , pp. 121-127 More about this Journal
Abstract
Recently, Chang et at.$^[9]$ proposed a new password-based key agreement protocol and a password change protocol to improve the efficiency in the password-based authenticated key agreement protocol proposed by Yeh et at.$^[8]$. However, Wang et al.$^[10]$ showed that their protected password change protocol is not secure under the denial of service attack and the dictionary attack This paper proposes an improved password change protocol to solve this problems in the Chang et al's protocol. In the proposed protocol, the format of communication messages is modified not to have any clue for the guessing of the password and verifying of the guessed password. The proposed protocol supports the advantages in the previous password-based protocols and solves the problems in them effectively.
Keywords
Key exchange protocol; Password change protocol; Authentication; One-way function;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Tseng Y.M., 'Weakness in simple authenticated key agreement protocol,' IEE Electronics Letter, Vol. 36, No. 1, pp. 48-49, 2000   DOI   ScienceOn
2 Ku W.C., and Wang S.D., 'Cryptanalysis of modified authenticated key agreement protocol,' IEE Electronics Letter, Vol. 36, No. 21, pp. 1770-1771, 2000   DOI   ScienceOn
3 Sun H., 'On the security of simple authenticated key agreement algorithm,' Proceedings of the Management Theory Workshop 2000, 2000
4 Seo D.H., and Sweeney P., 'Simple authenticated key agreement algorithm,' IEE Electronics Letter, Vol. 35, No. 13, pp. 1073-1074, 1999   DOI   ScienceOn
5 Kumar M., 'The password change phase is still insecure,' cs.CR/0409004 2004
6 Diffie W., and Hellman M.E., 'New directions in cryptography,' IEEE Trans., Vol. IT-22, No. 6, pp. 644-654, 1976
7 Yeh H.T. and Sun H.M., 'Simple authenticated key agreement protocol resistant to password guessing attacks,' ACM SIGOPS Operating Systems Review, Vol. 36, No. 4, pp. 14-22, 2002   DOI
8 Wang C.I., Fan C.I., and Guan D.J., 'Cryptanalysis on Chang-Yang-Hwang protected password change protocol,' Cryptology ePrint Archive 2005/182,http://eprint.iacr.org/2005/182
9 Ku W.C. and Chen S.M. 'Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,' IEEE Trans. on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004   DOI   ScienceOn
10 Hsu C.L. 'Security of Chien et al.'s remote user authentication scheme using smart cards,' Computer Standards and Interface, Vol. 26, No. 3, pp. 167-169, 2004   DOI   ScienceOn
11 Hsieh B.T., Sun H.M., and Hwang T., 'Cryptanalysis of enhancement for simple authentication key agreement algorithm,' IEE Electronics Letter, Vol. 38, No. 1, pp. 20-21, 2002   DOI   ScienceOn
12 Lin I.C., Chang C.C., and Hwang M.S., 'Security Enhancement for the Simple Authentication Key Agreement Algorithm,' 24th Ann. Int. Computer Software and Applications Conf., pp. 113-115, 2000
13 Chang T.Y., Yang W.P, and Hwang M.S., 'Simple authenticated key agreement and protected password change protocol,' An International Journal Computers & Mathematics with Applications, Vol. 49, pp. 703-714, 2005   DOI   ScienceOn
14 Yoon E.J., Ryu E.K., and Yoo K.Y., 'Further improvement of an efficient password based remote user authentication scheme using smart cards,' IEEE Trans. on Consumer Electronics, Vol. 50, No. 2, pp. 612-614, 2004   DOI   ScienceOn